Home > .NET APIs > System Namespace > System.Xml Namespace > XmlReader Class > ResolveEntity Method

XmlReader.ResolveEntity Method

public string ResolveEntity()

Summary

Resolves the entity reference and returns the replacement string. For use with DtdProcessing.Parse.

Return Value

The replacement string for the entity reference. If the entity is not a parsed general entity, null is returned.

Remarks

When the parser encounters an entity reference, it calls this method. This method can be used to programmatically resolve entity references. For example, you can use it to expand predefined entities such as < and >.

This method is called by the XmlReader when it encounters an entity reference.

If the entity reference is not a parsed general entity (e.g., a parameter entity or an external entity that cannot be resolved), this method should return null.

Important: To prevent security vulnerabilities such as XML external entity (XXE) attacks, it is highly recommended to disable DTD processing or configure it securely. When DtdProcessing.Parse is used, this method is invoked. Ensure you understand the implications and implement appropriate validation and sanitization if you are resolving entities.

Exceptions

Example

The following C# code demonstrates how to use XmlReader.ResolveEntity to process an XML document with entities:

// Example requires DtdProcessing to be set to Parse to invoke ResolveEntity using System; using System.Xml; public class Example { public static void Main(string[] args) { string xmlString = @"<?xml version=""1.0""?> <!DOCTYPE note [ <!ENTITY greeting ""Hello""> <!ENTITY company ""Microsoft""> ]> <note> <to>Tove</to> <from>Jani</from> <heading>Reminder</heading> <body>&greeting;, this is a reminder from &company;!</body> </note>"; var settings = new XmlReaderSettings(); settings.DtdProcessing = DtdProcessing.Parse; using (XmlReader reader = XmlReader.Create(new StringReader(xmlString), settings)) { while (reader.Read()) { switch (reader.NodeType) { case XmlNodeType.Element: Console.WriteLine($"Start Element: {reader.Name}"); break; case XmlNodeType.Text: Console.WriteLine($"Text: {reader.Value}"); break; case XmlNodeType.XmlDeclaration: case XmlNodeType.DocumentType: // Ignore declaration and DOCTYPE break; case XmlNodeType.EntityReference: // ResolveEntity is called implicitly when DtdProcessing.Parse is set // You can observe the resolved text content in reader.Value for Text nodes Console.WriteLine($"Encountered Entity Reference: {reader.Name}"); break; default: // Handle other node types as needed break; } } } } }

When you run this code, the output will show the resolved text content:

Start Element: note Start Element: to Text: Tove End Element: to Start Element: from Text: Jani End Element: from Start Element: heading Text: Reminder End Element: heading Start Element: body Text: Hello, this is a reminder from Microsoft! End Element: body End Element: note

Version Information

.NET Framework: Supported in version 1.0 and later.

.NET Standard: Supported in version 1.0 and later.

.NET Core: Supported in version 2.0 and later.